Category: Ubuntu 14.04

I’m just going through PCI Compliance for a company that I work for. The security scan picked up an apparent vulnerability in the open-ssh server. The vulnerability had been patched in Ubuntu 14.04 and so this is a false positive. I thought that I would post about it because I found lots of posts where people are trying to compile the latest open-ssh servers to get around this problem – when in fact it isn’t actually a problem. Compiling your own version of the open-ssh server isn’t recommended because you will have to continually patch the package yourself from then on.

The warning text said:

Threat:
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

The sshd server fails to validate user-supplied X11 authentication credentials when establishing an X11 forwarding session. An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie.
Please note that Systems with X11Forwarding enabled are affected.

Affected Versions:
OpenSSH versions prior to 7.2p2
Impact:
An authenticated, remote attacker can exploit this vulnerability to execute arbitrary commands on the targeted system.
Solution:
Users are advised to upgrade to the latest version of the software available. Refer to OpenSSH 7.2p2 Release Notes for further information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
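
The scanner's note says only systems with X11Forwarding enabled are affected, so that setting is worth recording next to the patched package version when documenting the false positive. The following is an added example, not part of the original post: a shell function (the names x11_forwarding_state and sample_config are made up here) that reads an sshd_config-style file and applies sshd's first-value-wins rule. It assumes a single file with no Include directives and falls back to upstream OpenSSH's default of "no" when the keyword is absent.

```shell
#!/bin/sh
# Report whether X11Forwarding is enabled in an sshd_config-style file.
# Usage: x11_forwarding_state [FILE]   (reads stdin when FILE is omitted)
# Output: "global=<value> match=<yes|no>"
#   global = value that applies outside any Match block
#   match  = yes if any Match block turns X11Forwarding on
x11_forwarding_state() {
    awk '
        BEGIN { global = ""; match_on = "no"; in_match = 0 }
        # Blank lines and lines starting with # are comments.
        /^[ \t]*(#|$)/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # sshd also accepts the "Keyword=value" form.
            sub(/[ \t]*=[ \t]*/, " ", line)
            split(line, f, /[ \t]+/)
            key = tolower(f[1])      # keywords are case-insensitive
            val = tolower(f[2])
            # Everything after a Match line is conditional.
            if (key == "match") { in_match = 1; next }
            if (key != "x11forwarding") next
            if (in_match) {
                if (val == "yes") match_on = "yes"
            } else if (global == "") {
                global = val         # first value obtained wins
            }
        }
        END {
            # Assumption: upstream default when the keyword is not set.
            if (global == "") global = "no"
            print "global=" global " match=" match_on
        }
    ' "$@"
}

# Constructed sample input, not a real server configuration.
sample_config() {
cat <<'EOF'
# constructed example
Port 22
x11forwarding no
X11Forwarding yes
Match User deploy
    X11Forwarding yes
EOF
}

sample_config | x11_forwarding_state
```

On a live server, run it as x11_forwarding_state /etc/ssh/sshd_config; running sshd -T as root prints the effective global configuration for comparison.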

I was trying to sftp some files using Python Paramiko on Ubuntu 14.04 and got the following error: “paramiko.SSHException: Incompatible ssh peer (no acceptable kex algorithm)”. It turns out that there is an incompatibility issue with OpenSSH 6.7 and Paramiko with a version less than 1.15.1. At the time of writing (November 2014) Ubuntu 14.04 came with 1.10.1.

To fix the issue, you need to upgrade Paramiko to at least 1.15.1. You can do this by using PIP, which is a Python package management system. Here is how you do this:

Ubuntu 14.04 comes with both MySQL 5.5 and MySQL 5.6 and by default uses MySQL 5.5. However, you can upgrade to MySQL 5.6 by doing the following steps:

Step 1 – Take a backup!

mysqldump -u root --all-databases > /home/me/add_databases.sql

Step 2 – Remove the old MySQL
I recommend using ‘apt-get purge’ rather than ‘apt-get remove’ to uninstall the old MySQL server. Don’t worry, this doesn’t mean all your data in /var/lib/mysql will be deleted. The purge command just removes all the configuration files in /etc/mysql/ . This is important because some old MySQL configurations aren’t supported in 5.6.

If you have an unsupported configuration option (for example: table_cache was renamed table_open_cache) MySQL doesn’t silently ignore these settings… it simply doesn’t start. Oh and it doesn’t show any warnings. So you really should remove anything in /etc/mysql/conf.d . You can read the list of settings that might have changed.

So…

apt-get purge mysql-server-5.5 mysql-client-5.5
apt-get autoremove

Step 3 – Install the new MySQL 5.6

sudo apt-get install mysql-server-5.6 mysql-client-5.6

And you are done. Hurray.

p.s. For interest, you can see which repository these packages are in by using the ‘apt-cache policy’ command:

I have just upgraded from Ubuntu 12.04 to Ubuntu 14.04 on our Bacula backup server. Everything is backing up okay; however, it’s failing to delete the catalogue backup job after it has run. The error message is:

I just upgraded from Ubuntu 13.10 to Ubuntu 14.04. However, after I had entered the username and password the computer froze. Unity just appears to hang. I fixed this by reinstalling Unity.

Note – this problem might have been caused by the upgrade process. I’m not sure it was related to this error message:

(gtk-update-icon-cache:19911): GdkPixbuf-WARNING **: Cannot open pixbuf loader module file '/usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache': No such file or directory
This likely means that your installation is broken.
Try running the command
gdk-pixbuf-query-loaders > /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache to make things work again for the time being.

I tried running gdk-pixbuf-query-loaders > /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache but this didn’t seem to fix the problem.

Step 1 – Get into the terminal
You enter the terminal by holding down ctrl-alt and pressing f2. You can actually press any of the f (function) keys and you get a new terminal.